CVE-2018-6446

CRITICAL

Brocade Network Advisor < 14.3.1 - Unauthenticated Remote Code Execution via Hard-coded JBoss Credentials

Title source: llm

Description

A vulnerability in Brocade Network Advisor Version Before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-841

Scores

CVSS v3 9.8

EPSS 0.0085

EPSS Percentile 75.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-798

Status published

Products (1)

broadcom/brocade_network_advisor < 14.3.1

Published Jun 29, 2020

Tracked Since Feb 18, 2026